It came to light last week that hackers had attacked the International Monetary Fund (IMF). This international body holds data for 187 of the world’s 194 nations. Amongst its functions, the IMF provides economic assistance and policy advice for nations in financial crisis; and thus holds extremely confidential information about the financial state of many nations.
The hackers made off with a ‘large quantity’ of data including emails and other documents. It is not yet clear how sensitive the stolen data is; needless to say though, the IMF are attempting to keep the media away from this story as much as possible.
The penetration is believed to have been carried out through a ‘spear phishing attack’. Typically, this is where an employee is lured into clicking on a link to a malicious website or downloading a file loaded with malware. The attack is similar in style to the recent attacks on Google, Sony and CitiGroup.
How secure is your organistions sensitive information?
Cyber attacks are a risk for every business, of any size. Efficient and routine penetration testing of your systems is the only way to ensure that your networks and applications are genuinely secure against today’s automated cyber attacks. IT Governance is here to help. We can provide a complete solution for your business, call us today on 0845 070 1750 or email us to discuss your penetration testing needs.
If you would like to read more information about Penetration Testing, and the services that IT Governance can provide, click here for more information. We also have a free White Paper on Security Penetration Testing and ISO27001, download here.
As in many of these recent hacker attacks, the actions of an employee have been at the centre of the issue. That is not to say that system security was not a major issue, it clearly was. However, it is imperative that individuals within an organisation understand their role when it comes to information security. Our ITG E-Learning Course: Information Security Staff Awareness is an effective and affordable way to ensure your staff has the appropriate information security training.